2 min read

Azure Arc - Add servers from Update Management

Azure Arc - Add servers from Update Management
Azure Arc Agent Deployment

The good thing about the Azure Arc is that you can deploy the agent in many different ways. As of today, you can deploy the agent using the following methods:

  • Using a deployment script
    • This approach is for smaller environments
  • Using a service principle
    • This option is suitable for large-scale deployments
  • Using Azure Update Management
    • This option is good for the existing Azure Update Management customers. In this case, you already have the Microsoft Monitoring Agent installed on your servers.
  • Using Az.ConnectedMachine PowerShell module
    • I like this one as well. You can build up your custom installation script with different logic for tagging etc. Good for large-scale deployments as well
  • Using Desired State Configuration
    • Suppose you are using Azure Automation DSC or an on-premises version of DSC. In that case, this may also be good in large-scale deployment scenarios.
  • Using a Script feature in Configuration Manager
  • Using a Group Policy
  • Using Windows Admin Center
  • Using a Custom Task Sequence in Configuration
    • Suitable for large-scale deployments. You can customize the deployment based on different conditions and needs.

As you see from this list, you have plenty of agent deployment methods. Pick and choose the one that suits you the best.

This post shows you how to install the agent through the Azure Update Management feature. If you are using Azure Update Management today, you have noticed that Microsoft uses the Patch-MicrosoftOMSComputers runbook for patching.

Microsoft fully manages this runbook, and you don't have any access to that. It is also a special runbook because it can run directly on your servers. If you create a custom runbook for yourself, then you cant do the same. You can only execute the runbook through Azure Automation Hybrid Worker.

Now with Azure Arc, Microsoft introduces another new runbook called Add-AzureConnectedMachines. Microsoft fully manages this runbook and can also run on your servers directly.


To deploy Azure Arc through Azure Update Management, you need the following:

  • Azure Log Analytics Workspace
  • Microsoft Monitoring Agent should be installed and configured on your servers
  • Azure Automation Account
  • Azure Update Management solution activated

You can use the same method for Linux servers as well. We are not limited only to Windows servers

Azure Arc agent deployment through Update Management

Follow the steps to deploy the agent through Update Management.

  1. Open Azure Portal and search for Azure Arc
  2. On the Azure Arc panel, select Servers
  3. On the Add servers with Azure Arc panel, select Add servers from Update Management (preview)
  4. On the Add non-Azure machines from Automation Account, specify the following information:
    a. Subscription
    b. Resource Group
    c. Location
    d. SPN
    e. Proxy server, if necessary
  5. Select machines to target
  6. Specify the Tags
  7. Review the deployment information and click Add machines

These steps kick off the Add-AzureConnectedMachines runbook. If you add Windows server-based operating systems, you see that it kicks off the child runbook called Add-AzureConnectedMachineWindows. If you also selected Linux servers, you see the Add-AzureConnectedMachineLinux runbook.

Agent Deployment through Azure Update Management

Check out the official documentation about this topic - Connect machines from Azure Automation Update Management - Azure Arc | Microsoft Learn